Kubernetes Console
Find the Console URL
Use the console by navigating to the controller's address with path /zac/ in a web browser. If you published the controller at ctrl.ziti.example.com:443, then the console URL is https://ctrl.ziti.example.com/zac/.
The correct console URL is displayed after Helm install or upgrade and may be fetched at any time with Helm.
helm get notes "ziti-controller"
Authenticate with a Username and Password
kubectl get secrets ziti-controller-admin-secret \
--output go-template=\
'{{range $k,$v := .data}}'\
'{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v|base64decode}}{{end}}{{"\n"}}'\
'{{end}}'
Authenticate with an Admin Client Certificate
- Enroll an admin identity. Link to instructions
- Unwrap the JSON file to obtain the certificate and private key.
  ziti ops unwrap admin2.json
- Compose a keystore from the certificate and private key. The -legacy flag is necessary when importing the keystore into some versions of macOS Keychain Access.
  openssl pkcs12 -export -in admin2.cert -inkey admin2.key -out admin2.p12 -name "admin2" -legacy -password 'pass:mypassword'
- Import the keystore:
  - macOS: Import into System Keychain via Keychain Access application for Google Chrome. You can run a terminal command or double-click the keystore file or drag it onto the login keychain to import it.
    security import admin2.p12 -k ~/Library/Keychains/login.keychain -T /Applications/Google\ Chrome.app -P 'mypassword'
  - Windows: Import into the Windows Certificate Store (Personal store) via certmgr.msc.
  - Linux: Import into your browser's certificate store or system certificate store (e.g., Chrome Settings > Privacy and Security > Security > Manage certificates).
- Visit the console in your web browser. The browser will prompt with a list of imported client certificates. Select the one you imported in the previous step.
- Press the "LOGIN" button without entering a password.
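The keystore step above puts the password on the command line, where it is visible in shell history and the process list. The script below is an added example, not part of the OpenZiti documentation: it builds the same keystore with the password taken from an environment variable, creates the file readable by its owner only, and checks the result before import. The names make_keystore, P12_PASS and P12_LEGACY are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the OpenZiti docs). Builds the admin keystore from
# the files written by `ziti ops unwrap`, keeping the password off the
# command line. P12_PASS and P12_LEGACY are names chosen for this example.

# make_keystore CERT KEY OUT NAME   (body runs in a subshell: nothing leaks out)
make_keystore() (
  cert=$1 key=$2 out=$3 name=$4
  # Fail early if the password is missing; export it for openssl's env: source.
  : "${P12_PASS:?set P12_PASS to the keystore password}"
  export P12_PASS

  # The certificate and the private key must carry the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || exit 2
  key_pub=$(openssl pkey -in "$key" -pubout) || exit 2
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "certificate and private key do not match" >&2
    exit 3
  fi

  # The keystore is created readable by the owner only.
  umask 077
  # -legacy is added only on request (some macOS Keychain Access versions).
  if [ "${P12_LEGACY:-0}" = 1 ]; then
    openssl pkcs12 -export -legacy -in "$cert" -inkey "$key" -out "$out" \
      -name "$name" -passout env:P12_PASS || exit 4
  else
    openssl pkcs12 -export -in "$cert" -inkey "$key" -out "$out" \
      -name "$name" -passout env:P12_PASS || exit 4
  fi

  # Confirm the keystore opens with the same password before importing it.
  openssl pkcs12 -in "$out" -noout -passin env:P12_PASS 2>/dev/null || exit 5
)

# Stand-alone use:
#   P12_PASS=... sh make_keystore.sh admin2.cert admin2.key admin2.p12 admin2
if [ "$#" -eq 4 ]; then
  make_keystore "$@"
fi
```

After a successful import, the unwrapped admin2.key and admin2.p12 are no longer needed on disk and can be removed.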